Open
… DefaultCredentials

In auto-detect mode, Azure strategies are skipped on GCP/AWS hosts and GCP strategies are skipped on Azure/AWS hosts. When auth_type is explicitly set, cloud filtering is bypassed so the named strategy is always attempted regardless of host cloud.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success.
tanmay-db approved these changes Mar 6, 2026
Changes

Add orchestrator-level cloud filtering to `DefaultCredentials` via a `_CLOUD_REQUIREMENTS` map.

Background: A previous PR removed the individual `is_azure()` / `is_gcp()` guards from each credentials strategy (e.g. `azure_cli`, `azure_service_principal`, `google_credentials`, `google_id`) so that explicitly setting `auth_type` on a mismatched host would work correctly. However, that left no replacement filtering in auto-detect mode — meaning Azure strategies were being attempted on GCP hosts and vice-versa with no way to skip them early.

Solution: A `_CLOUD_REQUIREMENTS` dict maps auth type names to the cloud they require. `DefaultCredentials.__call__` consults this map in auto-detect mode only:

- `auth_type` not set: strategies whose required cloud doesn't match the detected host cloud are skipped. Each skip is logged at debug level: `Skipping "azure-cli": not configured for AZURE.`
- `auth_type` is explicitly set: the map is not consulted and the named strategy is always attempted, regardless of detected host cloud (e.g. `auth_type="azure-cli"` on a GCP host).

Files changed:

- `databricks/sdk/credentials_provider.py` — imports `Cloud`, adds `_CLOUD_REQUIREMENTS` map, adds cloud-filtering logic to `DefaultCredentials.__call__`
- `tests/test_credentials_provider.py` — adds `TestDefaultCredentialsCloudFiltering` with two tests

Tests

- `test_skips_azure_strategy_on_gcp_host_in_auto_detect_mode` — verifies an Azure strategy is skipped on a GCP host in auto-detect mode
- `test_bypasses_cloud_filter_when_auth_type_explicitly_set` — verifies the Azure strategy is still attempted on a GCP host when `auth_type` is explicitly set

Python port of databricks/databricks-sdk-go#1505
🤖 Generated with Claude Code
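
The filtering rule described in the PR body, modeled as an added example (not the SDK's code and not part of the PR). `CLOUD_REQUIREMENTS`, `resolve`, the strategy tuples and the `google-id`/`pat` entries are constructed for illustration; `resolve` also returns the list of strategies it invoked, so a test can assert that a wrong-cloud strategy never ran.

```python
import logging
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

logger = logging.getLogger("cloud_filter_example")


class Cloud(Enum):  # stand-in for the Cloud type the PR imports
    AWS = "AWS"
    AZURE = "AZURE"
    GCP = "GCP"


# Auth type name -> cloud it requires. Names absent from the map run on any host.
# Assumed entries for illustration; the PR's real map is not shown on the page.
CLOUD_REQUIREMENTS: Dict[str, Cloud] = {
    "azure-cli": Cloud.AZURE,
    "google-id": Cloud.GCP,
}

Strategy = Tuple[str, Callable[[], Optional[str]]]

# Constructed strategies: each returns a credential label, or None if unconfigured.
SAMPLE_STRATEGIES: List[Strategy] = [
    ("pat", lambda: None),
    ("azure-cli", lambda: "azure-credential"),
    ("google-id", lambda: "gcp-credential"),
]


def resolve(strategies: List[Strategy], host_cloud: Cloud,
            auth_type: Optional[str] = None) -> Tuple[str, List[str]]:
    """Return (winning auth type, every auth type that was actually invoked)."""
    attempted: List[str] = []
    for name, strategy in strategies:
        if auth_type is not None:
            if name != auth_type:
                continue  # explicit mode: only the named strategy, map not consulted
        else:
            required = CLOUD_REQUIREMENTS.get(name)
            if required is not None and required is not host_cloud:
                # Skipped before the strategy runs, so it is never invoked.
                logger.debug('Skipping "%s": not configured for %s.', name, required.value)
                continue
        attempted.append(name)
        if strategy() is not None:
            return name, attempted
    raise ValueError(f"no credentials configured (attempted: {attempted})")
```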